Date: Tue, 29 Jan 2013 05:04:59 +0400
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: dmg2john

On Tue, Jan 29, 2013 at 01:28:57AM +0400, Solar Designer wrote:
> On Mon, Jan 28, 2013 at 11:22:24PM +0200, Milen Rangelov wrote:
> > 		cno = ceil(header2.datasize / 4096.0) - 2;
> > 		chunk = (unsigned char *) malloc(header2.datasize);
> > 		data_size = header2.datasize - cno * 4096;
> > 		if (data_size < 0) {
> 
> So I suggested in the Twitter thread that folks try size_t for now, but
> the correct fix would be different, so that the sanity check is not
> removed.  Perhaps use ssize_t or "long long", or rewrite the check.

I chose to post a different patch in response to Jeremiah's message on
john-users.  That's because there's also a printf format string that
uses "%d", and cno and data_size are also of type int in dmg_fmt_plug.c.

The patch that I posted should be good for up to 8 TB.

I don't understand this format well, though.  There may well be more
issues here.

Alexander
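
The point above about keeping the sanity check, as an added example (not code from this message or from the john tree): the same subtraction with an unsigned result, with a signed 64-bit result, and with the check rewritten to run before the subtraction. The function names, the `uint64_t` type for the data size and the sample values are assumptions; `cno` is passed in so that an inconsistent value can be shown.

```c
#include <stdint.h>
#include <stdio.h>

#define CHUNK 4096 /* chunk size from the quoted snippet */

/* size_t-style stopgap: data_size is unsigned, so "data_size < 0" can
 * never be true and the sanity check is effectively removed. */
int check_unsigned(uint64_t datasize, int cno, uint64_t *data_size)
{
    *data_size = datasize - (uint64_t)cno * CHUNK; /* wraps modulo 2^64 */
    return *data_size < 0;                         /* always 0 */
}

/* Signed 64-bit ("long long") variant: the original check keeps working.
 * Assumes datasize < 2^63 so the conversion is value-preserving. */
int check_signed(uint64_t datasize, int cno, long long *data_size)
{
    *data_size = (long long)datasize - (long long)cno * CHUNK;
    return *data_size < 0;
}

/* Rewritten check: compare before subtracting, so unsigned types are
 * safe. Rejecting a negative cno is an assumption of this example. */
int check_rewritten(uint64_t datasize, int cno, uint64_t *data_size)
{
    if (cno < 0 || (uint64_t)cno * CHUNK > datasize)
        return 1;
    *data_size = datasize - (uint64_t)cno * CHUNK;
    return 0;
}

int main(void)
{
    uint64_t u = 0;
    long long s = 0;
    /* Constructed input: 10000 bytes of data but a chunk count of 5. */
    int r = check_unsigned(10000, 5, &u);
    printf("unsigned:  rejected=%d data_size=%llu\n", r, (unsigned long long)u);
    r = check_signed(10000, 5, &s);
    printf("signed:    rejected=%d data_size=%lld\n", r, s);
    r = check_rewritten(10000, 5, &u);
    printf("rewritten: rejected=%d\n", r);
    return 0;
}
```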
